Jump to content

Question re: EsetIpBlacklist


j-gray
 Share

Recommended Posts

In ESMC, ESET Server Security logs a detection type 'Security vulnerability exploitation attempt' caused by EsetIpBlacklist. The detection type is labelled as 'Firewall'.

As the Server Security policies don't have a specific 'Firewall' section or component, can anyone clarify what component exactly is responsible for this protection?

My assumption is that it's the IDS component of Network Protection, but I'm not entirely sure.

TIA

Link to comment
Share on other sites

  • Administrators

Yes, it's Network protection that blocks addresses seen to generate malicious communication. Do you suspect a particular IP address to be blocked incorrectly?

Link to comment
Share on other sites

4 minutes ago, Marcos said:

Yes, it's Network protection that blocks addresses seen to generate malicious communication. Do you suspect a particular IP address to be blocked incorrectly?

Thanks for the reply.

There's no visibility or information (other than blacklist) to help us determine why the IP is being blocked. All we know is that they are IP's that are external to our network.

Is there any more detailed information logged somewhere?

Link to comment
Share on other sites

  • Administrators
10 minutes ago, j-gray said:

Is there any more detailed information logged somewhere?

No. However, if you provide the IP address I could search for possible reasons.

Link to comment
Share on other sites

9 minutes ago, Marcos said:

No. However, if you provide the IP address I could search for possible reasons.

Thanks -I just sent the IPs via PM. Hope that's ok.

Link to comment
Share on other sites

@Marcos The bulk of the hits are coming frequently and from one cloud hosting provider: 192.241.128.0/17

We have IDS and IPS in place at our edge, but they're not detecting this traffic.

Is the ESET component simply a block list, or is there some other logic/analysis in place? 

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...